How Safe Is Safe Enough?

One of the ugly truths of engineering is that life has a price. Cars, buildings, power plants, and industrial machinery can always be made safer for a cost, but manufacturers are at the mercy of the market.

“If you ask people how much money you should spend to save a human life, they’ll always say, ‘Whatever it takes,’” Richard A. Muller, a professor of physics at the University of California-Berkeley and author of the book Energy for Future Presidents, told us. “That’s not really rational behavior, but there’s something dry and inhuman about thinking through the actual numbers.”

Indeed, there’s something cold about it. When we pointed out a couple of weeks ago that the Fukushima Daiichi nuclear power plant was originally designed for a magnitude 8.2 earthquake, some readers were incensed. Japan, they said, has a long history of earthquakes and its utilities should have been prepared for a 9.0. “Any designer who fails to look at the 100-year environment is failing to meet the canon of ethics,” noted one commenter on our website.

On the flip side, the professors of nuclear engineering and physics we interviewed saw it differently. Considering the mammoth nature of the earthquake (which reportedly shifted the earth’s axis between 4 inches and 10 inches and took 15,000 lives), and considering the fact that the World Health Organization recently declared radiation exposure levels in the region to be low, they saw it as a victory for the plant’s design. “The reactor was 40 years old and it stood up well,” Ahmad Hassanein, head of the nuclear engineering department at Purdue University, told us. “Given the situation, it did better than expected.”

The disparity between those responses can be partially explained by the wildly differing reports emanating from the Internet. Cancer deaths in Japan have been projected to reach anywhere between 40 and 40 million. But that’s not the entire reason for the differences in belief. Much of the debate still comes back to those old issues of design and risk.

Najmedin Meshkati, a professor of civil/environmental and industrial engineering at the University of Southern California, told us that most engineers simply design within the boundaries they’re given. “Engineers try to do a good job based on their training,” said Meshkati, who has studied the Bhopal gas disaster, the Chernobyl nuclear accident, and the Deepwater Horizon oil spill. “But there are issues of safety and risk that are beyond their level. In many cases, they’re too low on the food chain.” (Meshkati is currently studying Fukushima, but declined to comment on it.)

Still, decisions are made. Often, the numbers depend on a process called Probabilistic Risk Assessment, which looks at what can go wrong, how likely it is, and what its consequences are, Meshkati said. In the end, the numbers are linked to resources, which are never unlimited on any project.

In essence, that’s the nature of engineering. It’s why we don’t have $2 million uncrashable cars that are built like tanks. It’s why houses succumb to earthquakes, table saws lop off fingers, and 30,000 people annually die on our roads. It all comes back to the question of how safe is safe enough? And it’s why engineers see the issues of safety differently than the rest of the world.

It’s also why the professors we interviewed thought the Fukushima plant performed well, despite the ongoing clean-up, groundwater problems, and long-term evacuation. Coal, they said, would have killed thousands more. And the collapse of 120,000 buildings in Japan did kill thousands more. Additional resources might have been better directed toward the design of sturdier buildings, they said.

“Maybe you’re asking the wrong question,” Muller told us, when we asked how much utilities should have been willing to spend to beef up the Fukushima plant for a 9.0 earthquake. “Instead of asking how much you’re willing to spend, maybe you should ask what to spend it on.”
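As an added illustration, not part of the original article, the Probabilistic Risk Assessment process described above (what can go wrong, how likely it is, what it costs) carried through to Muller’s question of what to spend on: a small event-tree model scores each hazard as frequency × failure probability × consequence, then ranks candidate mitigations by dollars per expected life saved. Every scenario name, frequency, cost and reduction factor below is a constructed placeholder, not a figure from Fukushima or any real study.

```python
from dataclasses import dataclass, field
# All numbers in this file are constructed placeholders for illustration only.

@dataclass(frozen=True)
class Scenario:
    name: str
    annual_frequency: float      # initiating events per year (e.g. large quakes)
    failure_probability: float   # P(safety systems fail | event)
    fatalities_if_failed: float  # consequence given failure

@dataclass(frozen=True)
class Mitigation:
    name: str
    cost: float                  # one-off spend, dollars
    lifetime_years: int          # years the mitigation remains effective
    # scenario name -> multiplier applied to that scenario's failure probability
    reductions: dict = field(default_factory=dict)

def expected_annual_fatalities(scenarios, mitigation=None):
    """Sum over the event tree: frequency * P(failure) * consequence."""
    total = 0.0
    for s in scenarios:
        factor = mitigation.reductions.get(s.name, 1.0) if mitigation else 1.0
        total += s.annual_frequency * s.failure_probability * factor * s.fatalities_if_failed
    return total

def cost_per_life_saved(scenarios, mitigation):
    """Dollars per expected fatality avoided over the mitigation's lifetime."""
    saved_per_year = (expected_annual_fatalities(scenarios)
                      - expected_annual_fatalities(scenarios, mitigation))
    lives_saved = saved_per_year * mitigation.lifetime_years
    return float("inf") if lives_saved <= 0 else mitigation.cost / lives_saved

def rank_mitigations(scenarios, mitigations):
    """Cheapest life saved first: this is the 'what to spend it on' ordering."""
    return sorted(mitigations, key=lambda m: cost_per_life_saved(scenarios, m))

# Constructed example: a plant already rated for strong quakes vs. ordinary buildings.
SCENARIOS = [
    Scenario("plant_beyond_design_quake", 0.001, 0.1, 100.0),
    Scenario("building_collapse_in_quake", 0.01, 0.5, 200.0),
]
MITIGATIONS = [
    Mitigation("harden plant for larger quake", 1e9, 40, {"plant_beyond_design_quake": 0.1}),
    Mitigation("seismic retrofit of buildings", 2e9, 40, {"building_collapse_in_quake": 0.5}),
]

if __name__ == "__main__":
    for m in rank_mitigations(SCENARIOS, MITIGATIONS):
        print(f"{m.name}: ${cost_per_life_saved(SCENARIOS, m):,.0f} per life saved")
```

With these placeholder inputs the building retrofit buys a life for roughly $100 million while hardening the plant costs over $2 billion per life, which is the shape of the professors’ argument, not a claim about the real numbers.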

Excellent, thought-provoking post. It's clear that safety is a critical issue for all of us but how are our expectations set? Many times, there are additional factors that also come into play. Not a lot of easy answers.

At 30,000 deaths per year, we're at about the same raw number of auto deaths in the late 1960s. With a larger population, that shows progress. Even so, if the airline industry experienced one tenth of the number in a year, all planes would be grounded until a solution was found. I'd love to see some pressure on the auto industry to create safer cars.

Every aspect of power generation has numerous failure mechanisms and each of those has a statistical number of deaths associated with it. The total number of predicted deaths per million from a 9.0 vs an 8.2 earthquake involves more calculations than there are engineers to make them. A trash-to-energy plant I'm familiar with requested a permit to build and was denied because the predicted number of deaths per million of one of the stack gasses (out of 30 or 40 analyzed) was 4 per million (calculation showed one death with a margin of error of +/- 3). The applicant hired a world respected engineering firm to re-evaluate the formula and was able to reduce the margin of error from 3 to 2 (for several hundred thousand dollars) which reduced the prediction to 3 per million which was considered acceptable. It is difficult to separate a statistical model from the individual human lives those models represent.

Chuck, this is an interesting and important question. We do not design things to be fail-safe. As you point out, that would cost too much. On the other hand, our whole attitude to risk and human safety is completely bizarre on a societal level. We get all upset by things like a school shooting, while we drive our cars in a very dangerous fashion. Go figure.

Automobiles, on the other hand, are MUCH safer today. The number you quote is far less than it was when the population was much lower than it is. There are a number of factors at work here, but the most important is the design of the vehicle.

Finally, I am reminded of the old Tank McNamara cartoon. When fans were asked how long they would watch cars go round and round a track (we're talking NASCAR), they answered a few minutes. When told that there was a possibility someone would die they answered as long as it takes.
